from rest_framework import permissions

class IsCaseOwnerOrAdmin(permissions.BasePermission):
    """用例创建者或管理员可访问"""
    def has_object_permission(self, request, view, obj):
        if hasattr(obj, 'created_by'):
            return obj.created_by == request.user or request.user.role == 'admin'
        return False